Alejandro Mayorkas, the secretary of the Department of Homeland Security, on Wednesday outlined several steps the department and its Cybersecurity and Infrastructure Security Agency would undertake in the next 60 days to address gaps in cybersecurity.
Mayorkas said the department is launching a series of so-called 60-day sprints. “Each is focused on the most important and most urgent priorities needed to achieve our goals,” he said, speaking remotely at the annual RSA Conference of information security experts.
The six areas include fighting against ransomware, improving the resiliency of industrial control systems that undergird water and sewage treatment facilities to withstand a cyberattack, protecting data that underlies transportation and pipeline systems, safeguarding election security, building international partnerships on cybersecurity and finding ways to fill open cybersecurity positions in the federal government.
Mayorkas said the department was partnering with the Girl Scouts to offer cybersecurity internships, building on the organization’s work teaching girls cybersecurity skills and awarding badges for achievements in the field.
In blunt terms, Mayorkas said the federal government on its own can neither stop cyberattacks nor help “achieve our nation’s cyber resilience,” which refers to being able to withstand an attack and continue functioning.
Speaking of the SolarWinds attack carried out by Russian intelligence agencies, Mayorkas said government agencies that got hacked were unaware of the attack until the security research firm FireEye disclosed it.
The hack “underscores the need for the federal government to modernize cybersecurity defenses and deepen our partnerships” with private companies, he said.
President Joe Biden is preparing an executive order that will include a “dozen actions” intended to “advance the federal government’s ability to prevent and respond to cyber incidents,” Mayorkas said.
“The U.S. government will improve in the areas of detection, information sharing, modernizing federal cybersecurity, federal procurement and federal incident response,” he said.
The Biden administration intends to appoint a national cyber director, who would be confirmed by the Senate, Mayorkas said. It’s one of several recommendations made by the bipartisan Cyberspace Solarium Commission in March 2020.
Mayorkas said CISA was expanding its partnership with state officials by placing coordinators in state capitals who would act as liaisons between federal and state governments.
The agency is also working on a proposal to create a “cyber response and recovery fund that will further augment CISA’s ability to provide assistance to state, local, tribal and territorial governments,” he said.